nerdexam
EC-Council

312-50V10 · Question #214

The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124. An attac

The correct answer is C. He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are. The attacker used a /28 prefix in his nmap command instead of the correct /26, limiting his scan to 192.168.1.64-192.168.1.79 and excluding the servers at .122, .123, and .124.

Scanning Networks

Question

The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124. An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is: nmap 192.168.1.64/28 Why he cannot see the servers?

Options

  • AHe needs to change the address to 192.168.1.0 with the same mask
  • BHe needs to add the command ""ip address"" just before the IP address.
  • CHe is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are
  • DThe network must be down and the nmap command and IP address are ok

How the community answered

(29 responses)
  • A
    24% (7)
  • B
    10% (3)
  • C
    59% (17)
  • D
    7% (2)

Why each option

The attacker used a /28 prefix in his nmap command instead of the correct /26, limiting his scan to 192.168.1.64-192.168.1.79 and excluding the servers at .122, .123, and .124.

AHe needs to change the address to 192.168.1.0 with the same mask

Changing to 192.168.1.0 would target a different subnet segment entirely and would not resolve the incorrect prefix length causing the servers to be missed.

BHe needs to add the command ""ip address"" just before the IP address.

There is no 'ip address' parameter in nmap; this is not a valid nmap command option and would result in a syntax error.

CHe is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers areCorrect

A /28 subnet mask covers only 16 addresses (192.168.1.64 to 192.168.1.79), with usable hosts from .65 to .78. The actual network uses a /26 mask (255.255.255.192), which spans 192.168.1.64 to 192.168.1.127. Because the attacker scanned with /28, the servers at .122, .123, and .124 fall completely outside the scanned range and are therefore invisible to nmap.

DThe network must be down and the nmap command and IP address are ok

The network is not necessarily down; the root cause is the incorrect /28 prefix length causing the scan range to exclude the servers.

Concept tested: Nmap subnet scanning with CIDR prefix notation

Source: https://nmap.org/book/man-target-specification.html

Topics

#nmap#subnet calculation#CIDR notation#IP range scanning

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice